From c936623ab6b9d7d51d2bb90f8483222bb9353333 Mon Sep 17 00:00:00 2001
From: Leonard Lyubich
Date: Tue, 5 Sep 2023 19:39:17 +0400
Subject: [PATCH] crypto: Instantiate `neofscrypto.Signature` via constructor
SDK recently provided constructor of signature instances that can be used when the signature is transmitted differently from the NeoFS API protocol (e.g. in smart contracts or in Control service).
Signed-off-by: Leonard Lyubich
---
 cmd/neofs-cli/modules/control/util.go | 12 ++++--------
 pkg/morph/client/container/client.go | 13 +++++++++++++
 pkg/morph/client/container/eacl.go | 13 +++++--------
 pkg/morph/client/container/get.go | 13 +++++--------
 pkg/services/control/ir/server/sign.go | 15 ++++++---------
 pkg/services/control/server/sign.go | 16 ++++++----------
 pkg/services/tree/signature.go | 15 ++++++--------
 7 files changed, 45 insertions(+), 52 deletions(-)
diff --git a/cmd/neofs-cli/modules/control/util.go b/cmd/neofs-cli/modules/control/util.go
index bce3b45e470..c006691a161 100644
--- a/cmd/neofs-cli/modules/control/util.go
+++ b/cmd/neofs-cli/modules/control/util.go
@@ -5,13 +5,13 @@ import (
 "crypto/ecdsa"
 "errors"
- "github.com/nspcc-dev/neofs-api-go/v2/refs"
 internalclient "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/client"
 "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/common"
 "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/commonflags"
 controlSvc "github.com/nspcc-dev/neofs-node/pkg/services/control/server"
 "github.com/nspcc-dev/neofs-sdk-go/client"
 neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
+ neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
 "github.com/spf13/cobra"
 )
@@ -41,14 +41,10 @@ func verifyResponse(cmd *cobra.Command,
 common.ExitOnErr(cmd, "", errors.New("missing response signature"))
 }
- // TODO(@cthulhu-rider): #1387 use Signature message from NeoFS API to avoid conversion
- var sigV2 refs.Signature
- sigV2.SetScheme(refs.ECDSA_SHA512)
- sigV2.SetKey(sigControl.GetKey())
- sigV2.SetSign(sigControl.GetSign())
+ var pubKey neofsecdsa.PublicKey
+ common.ExitOnErr(cmd, "decode public key from signature: %w", pubKey.Decode(sigControl.GetKey()))
- var sig neofscrypto.Signature
- common.ExitOnErr(cmd, "can't read signature: %w", sig.ReadFromV2(sigV2))
+ sig := neofscrypto.NewSignature(neofscrypto.ECDSA_SHA512, &pubKey, sigControl.GetSign())
 if !sig.Verify(body.StableMarshal(nil)) {
 common.ExitOnErr(cmd, "", errors.New("invalid response signature"))
diff --git a/pkg/morph/client/container/client.go b/pkg/morph/client/container/client.go
index 6233a5fd735..0ea355bd588 100644
--- a/pkg/morph/client/container/client.go
+++ b/pkg/morph/client/container/client.go
@@ -7,6 +7,8 @@ import (
 "github.com/nspcc-dev/neo-go/pkg/encoding/fixedn"
 "github.com/nspcc-dev/neo-go/pkg/util"
 "github.com/nspcc-dev/neofs-node/pkg/morph/client"
+ neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
+ neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
 )
 // Client is a wrapper over StaticClient
@@ -126,3 +128,14 @@ func WithCustomFeeForNamedPut(fee fixedn.Fixed8) Option {
 o.feePutNamedSet = true
 }
 }
+
+func decodeSignature(bPubKey, sig []byte) (neofscrypto.Signature, error) {
+ var pubKey neofsecdsa.PublicKeyRFC6979
+
+ err := pubKey.Decode(bPubKey)
+ if err != nil {
+ return neofscrypto.Signature{}, fmt.Errorf("decode public key: %w", err)
+ }
+
+ return neofscrypto.NewSignature(neofscrypto.ECDSA_DETERMINISTIC_SHA256, &pubKey, sig), nil
+}
diff --git a/pkg/morph/client/container/eacl.go b/pkg/morph/client/container/eacl.go
index dfb04c3ef43..2111c4e4b90 100644
--- a/pkg/morph/client/container/eacl.go
+++ b/pkg/morph/client/container/eacl.go
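Review bot: The new `decodeSignature` helper in pkg/morph/client/container/client.go has no doc comment, and it is the one place that now fixes both the key type and the scheme for contract-sourced signatures, so callers in eacl.go and get.go cannot see that contract from the call site. A one-liner such as `// decodeSignature builds a neofscrypto.Signature from raw public key and signature bytes, decoding the key as neofsecdsa.PublicKeyRFC6979 and fixing the scheme to ECDSA_DETERMINISTIC_SHA256.` would make the expected key encoding explicit. The helper also calls `fmt.Errorf`, but the import hunk above it shows only part of client.go's import block, so whether `fmt` is already imported in that file cannot be confirmed from this patch.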
@@ -4,7 +4,6 @@ import (
 "crypto/sha256"
 "fmt"
- "github.com/nspcc-dev/neofs-api-go/v2/refs"
 "github.com/nspcc-dev/neofs-node/pkg/core/container"
 "github.com/nspcc-dev/neofs-node/pkg/morph/client"
 apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
@@ -86,12 +85,10 @@ func (c *Client) GetEACL(cnr cid.ID) (*container.EACL, error) {
 }
 }
- // TODO(@cthulhu-rider): #1387 implement and use another approach to avoid conversion
- var sigV2 refs.Signature
- sigV2.SetKey(pub)
- sigV2.SetSign(sig)
- sigV2.SetScheme(refs.ECDSA_RFC6979_SHA256)
+ res.Signature, err = decodeSignature(pub, sig)
+ if err != nil {
+ return nil, fmt.Errorf("decode signature: %w", err)
+ }
- err = res.Signature.ReadFromV2(sigV2)
- return &res, err
+ return &res, nil
 }
diff --git a/pkg/morph/client/container/get.go b/pkg/morph/client/container/get.go
index 9649c51a526..2d0bea8927d 100644
--- a/pkg/morph/client/container/get.go
+++ b/pkg/morph/client/container/get.go
@@ -5,7 +5,6 @@ import (
 "fmt"
 "strings"
- "github.com/nspcc-dev/neofs-api-go/v2/refs"
 containerContract "github.com/nspcc-dev/neofs-contract/container"
 containercore "github.com/nspcc-dev/neofs-node/pkg/core/container"
 core "github.com/nspcc-dev/neofs-node/pkg/core/container"
@@ -102,12 +101,10 @@ func (c *Client) Get(cid []byte) (*containercore.Container, error) {
 }
 }
- // TODO(@cthulhu-rider): #1387 implement and use another approach to avoid conversion
- var sigV2 refs.Signature
- sigV2.SetKey(pub)
- sigV2.SetSign(sigBytes)
- sigV2.SetScheme(refs.ECDSA_RFC6979_SHA256)
+ cnr.Signature, err = decodeSignature(pub, sigBytes)
+ if err != nil {
+ return nil, fmt.Errorf("decode signature: %w", err)
+ }
- err = cnr.Signature.ReadFromV2(sigV2)
- return &cnr, err
+ return &cnr, nil
 }
diff --git a/pkg/services/control/ir/server/sign.go b/pkg/services/control/ir/server/sign.go
index ef4c99fbdf3..a30f58d3377 100644
--- a/pkg/services/control/ir/server/sign.go
+++ b/pkg/services/control/ir/server/sign.go
@@ -6,7 +6,6 @@ import (
 "errors"
 "fmt"
- "github.com/nspcc-dev/neofs-api-go/v2/refs"
 control "github.com/nspcc-dev/neofs-node/pkg/services/control/ir"
 neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
 neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
@@ -50,17 +49,15 @@ func (s *Server) isValidRequest(req SignedMessage) error {
 return fmt.Errorf("marshal request body: %w", err)
 }
- // TODO(@cthulhu-rider): #1387 use Signature message from NeoFS API to avoid conversion
- var sigV2 refs.Signature
- sigV2.SetKey(sign.GetKey())
- sigV2.SetSign(sign.GetSign())
- sigV2.SetScheme(refs.ECDSA_SHA512)
+ var pubKey neofsecdsa.PublicKey
- var sig neofscrypto.Signature
- if err := sig.ReadFromV2(sigV2); err != nil {
- return fmt.Errorf("can't read signature: %w", err)
+ err = pubKey.Decode(sign.GetKey())
+ if err != nil {
+ return fmt.Errorf("decode public key in signature: %w", err)
 }
+ sig := neofscrypto.NewSignature(neofscrypto.ECDSA_SHA512, &pubKey, sign.GetSign())
+
 if !sig.Verify(binBody) {
 // TODO(@cthulhu-rider): #1387 use "const" error
 return errors.New("invalid signature")
diff --git a/pkg/services/control/server/sign.go b/pkg/services/control/server/sign.go
index a599fd5994c..3d67706e647 100644
--- a/pkg/services/control/server/sign.go
+++ b/pkg/services/control/server/sign.go
@@ -6,7 +6,6 @@ import (
 "errors"
 "fmt"
- "github.com/nspcc-dev/neofs-api-go/v2/refs"
 "github.com/nspcc-dev/neofs-node/pkg/services/control"
 neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
 neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
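Review bot: The error text in the new decode branch of `isValidRequest` in pkg/services/control/ir/server/sign.go, `return fmt.Errorf("decode public key in signature: %w", err)`, differs from the wording the same patch uses for the identical step in pkg/services/control/server/sign.go, pkg/services/tree/signature.go and the CLI (`"decode public key from signature: %w"`); aligning it on `"decode public key from signature: %w"` keeps log and error output greppable across the control services. The two `isValidRequest` bodies in the IR and storage-node control servers are now line-for-line the same apart from this string, which is worth noting for a later consolidation. The function's opening lines lie outside this hunk.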
@@ -50,17 +49,15 @@ func (s *Server) isValidRequest(req SignedMessage) error {
 return fmt.Errorf("marshal request body: %w", err)
 }
- // TODO(@cthulhu-rider): #1387 use Signature message from NeoFS API to avoid conversion
- var sigV2 refs.Signature
- sigV2.SetKey(sign.GetKey())
- sigV2.SetSign(sign.GetSign())
- sigV2.SetScheme(refs.ECDSA_SHA512)
+ var pubKey neofsecdsa.PublicKey
- var sig neofscrypto.Signature
- if err := sig.ReadFromV2(sigV2); err != nil {
- return fmt.Errorf("can't read signature: %w", err)
+ err = pubKey.Decode(sign.GetKey())
+ if err != nil {
+ return fmt.Errorf("decode public key from signature: %w", err)
 }
+ sig := neofscrypto.NewSignature(neofscrypto.ECDSA_SHA512, &pubKey, sign.GetSign())
+
 if !sig.Verify(binBody) {
 // TODO(@cthulhu-rider): #1387 use "const" error
 return errors.New("invalid signature")
@@ -83,7 +80,6 @@ func SignMessage(key *ecdsa.PrivateKey, msg SignedMessage) error {
 return fmt.Errorf("calculate signature: %w", err)
 }
- // TODO(@cthulhu-rider): #1387 use Signature message from NeoFS API to avoid conversion
 var sigControl control.Signature
 sigControl.SetKey(sig.PublicKeyBytes())
 sigControl.SetSign(sig.Value())
diff --git a/pkg/services/tree/signature.go b/pkg/services/tree/signature.go
index 4b470c85bb4..d18139d6106 100644
--- a/pkg/services/tree/signature.go
+++ b/pkg/services/tree/signature.go
@@ -8,7 +8,6 @@ import (
 "fmt"
 "github.com/nspcc-dev/neo-go/pkg/crypto/keys"
- "github.com/nspcc-dev/neofs-api-go/v2/refs"
 core "github.com/nspcc-dev/neofs-node/pkg/core/container"
 "github.com/nspcc-dev/neofs-sdk-go/bearer"
 statusSDK "github.com/nspcc-dev/neofs-sdk-go/client/status"
@@ -126,17 +125,15 @@ func verifyMessage(m message) error {
 sig := m.GetSignature()
- // TODO(@cthulhu-rider): #1387 use Signature message from NeoFS API to avoid conversion
- var sigV2 refs.Signature
- sigV2.SetKey(sig.GetKey())
- sigV2.SetSign(sig.GetSign())
- sigV2.SetScheme(refs.ECDSA_SHA512)
+ var pubKey neofsecdsa.PublicKey
- var sigSDK neofscrypto.Signature
- if err := sigSDK.ReadFromV2(sigV2); err != nil {
- return fmt.Errorf("can't read signature: %w", err)
+ err = pubKey.Decode(sig.GetKey())
+ if err != nil {
+ return fmt.Errorf("decode public key from signature: %w", err)
 }
+ sigSDK := neofscrypto.NewSignature(neofscrypto.ECDSA_SHA512, &pubKey, sig.GetKey())
+
 if !sigSDK.Verify(binBody) {
 return errors.New("invalid signature")
 }
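Review bot: The signature value handed to the constructor in pkg/services/tree/signature.go is wrong: `sigSDK := neofscrypto.NewSignature(neofscrypto.ECDSA_SHA512, &pubKey, sig.GetKey())` passes the public key bytes as the signature, where the removed code used `sigV2.SetSign(sig.GetSign())` and the control-service hunks in this patch pass `sign.GetSign()`. Both accessors return `[]byte`, so this compiles, but `sigSDK.Verify(binBody)` is then expected to reject every correctly signed tree message, which makes the slip an availability defect in request authentication. The fix is `sigSDK := neofscrypto.NewSignature(neofscrypto.ECDSA_SHA512, &pubKey, sig.GetSign())`, and a sign-then-verify round-trip test for `verifyMessage` with a freshly generated key would have caught it. The function's body begins before this hunk.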